PT-2021-7854 · Linux+2 · Linux Kernel+2

Published: 2021-02-01 · Updated: 2023-12-04 · CVE-2023-1295

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel versions 5.6 through 5.11

Description: A time-of-check to time-of-use issue exists in the io_uring subsystem's IORING_OP_CLOSE operation, allowing a local user to elevate their privileges to root. This issue is related to synchronization errors when using shared resources.

Recommendations: For Linux kernel versions 5.6 through 5.11, update to a version that includes the patch for this issue, introduced in commit 9eac1904d3364254d622bf2c771c4f85cd435fc2 and backported to stable in 788d0824269bef539fe31a785b1517882eafed93. As a temporary workaround, consider restricting access to the io_uring subsystem until the issue is resolved.

Fix

Time Of Check To Time Of Use

Weakness Enumeration

Related Identifiers

ALT-PU-2023-1066
BDU:2023-03726
CVE-2023-1295
OESA-2023-1435
OESA-2023-1436
OESA-2023-1438
OESA-2023-1439

Affected Products

Alt Linux
Astra Linux
Linux Kernel